Количество 2
Количество 2
CVE-2025-31485
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22 and 3.4.17.
GHSA-428q-q3vv-3fq3
GraphQL grant on a property might be cached with different objects
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2025-31485 API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Prior to 4.0.22 and 3.4.17, a GraphQL grant on a property might be cached with different objects. The ApiPlatform\GraphQl\Serializer\ItemNormalizer::isCacheKeySafe() method is meant to prevent the caching but the parent::normalize method that is called afterwards still creates the cache key and causes the issue. This vulnerability is fixed in 4.0.22 and 3.4.17. | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
| GHSA-428q-q3vv-3fq3 GraphQL grant on a property might be cached with different objects | CVSS3: 7.5 | 0% Низкий | 10 месяцев назад |
Уязвимостей на страницу